
politicat

(9,808 posts)
Thu Aug 3, 2017, 01:43 PM Aug 2017

Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con

Source: Vice Motherboard

On Wednesday, US authorities detained a researcher who goes by the handle MalwareTech, best known for stopping the spread of the WannaCry ransomware virus.

In May, WannaCry infected hospitals in the UK, a Spanish telecommunications company, and other targets in Russia, Turkey, Germany, Vietnam, and more. Marcus Hutchins, a researcher from cybersecurity firm Kryptos Logic, inadvertently stopped WannaCry in its tracks by registering a specific website domain included in the malware's code.

At the time of writing it is not clear what charges, if any, Hutchins may face.

Motherboard verified that a detainee called Marcus Hutchins, 23, was being held at the Henderson Detention Center in Nevada early on Thursday. A few hours after, Hutchins was moved to another facility, according to a close personal friend.

Read more: https://motherboard.vice.com/en_us/article/ywp8k5/researcher-who-stopped-wannacry-ransomware-detained-in-us-after-def-con



No contact, no charges, no information. This is weird and not good. Hutchins is a UK citizen, so should be allowed to visit the US without a visa, was not working without a visa, and doesn't appear to have violated any laws.
Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con (Original Post) politicat Aug 2017 OP
This is really scary. WinstonSmith4740 Aug 2017 #1
Article says the FBI has him. Not Customs. riversedge Aug 2017 #3
Right, and FBI has a difficult relationship with hackers, no matter their hat color. politicat Aug 2017 #4
But what exactly did he do? WinstonSmith4740 Aug 2017 #5
No idea. That's what's concerning as hell. politicat Aug 2017 #6
This message was self-deleted by its author Pacifist Patriot Aug 2017 #7
He didn't do anything wrong as far as I know Renew Deal Aug 2017 #8
That's more than you can say: "He didn't do anything." Igel Aug 2017 #11
Sealed indictment LiberalArkie Aug 2017 #13
Plot twist Renew Deal Aug 2017 #17
Quick look back: LA Times article reports that KL's owner passed off malware to Hutchins. Today it ancianita Aug 2017 #20
He probably stopped a U.S. virus/trojan from doing its thing. Interfered with a government LiberalArkie Aug 2017 #10
No - he was involved in the Kronos banking Trojan several years ago. hack89 Aug 2017 #16
The UK is aware of this..... riversedge Aug 2017 #2
What about hackers who CREATE viruses to "sell" the fix? yallerdawg Aug 2017 #9
I think his partner ratted him out. LiberalArkie Aug 2017 #12
He is wanted for a separate (criminal) matter hack89 Aug 2017 #14
BBC update William Seger Aug 2017 #15
on twitter... woundedkarma Aug 2017 #18
He was behind the Kronos banking trojan PSPS Aug 2017 #19

WinstonSmith4740

(3,059 posts)
1. This is really scary.
Thu Aug 3, 2017, 01:52 PM
Aug 2017

I'm picturing this poor guy being snatched out of his hotel room hallway, and held incommunicado somewhere. None of this makes any sense. I remember when this happened. This guy was hailed as a hero. WTF is going on? Did Hutchins somehow piss off Putin, and Donnie feels like he has to placate his boss after the sanctions screw-up?

politicat

(9,808 posts)
4. Right, and FBI has a difficult relationship with hackers, no matter their hat color.
Thu Aug 3, 2017, 02:04 PM
Aug 2017

They have a history of treating whites and greys (hacking in the public interest, hacking for hire as security consultants) more harshly than blackhats, since by definition, a white to grey has to have their real name visible and is thus more vulnerable.

When people ask why hackers and digital activists use handles and wear masks -- this is why.

WinstonSmith4740

(3,059 posts)
5. But what exactly did he do?
Thu Aug 3, 2017, 02:13 PM
Aug 2017

I'm not being snarky here. I'm serious...why was he arrested in the first place? Why is no one talking? This was a convention of hackers...why him?

politicat

(9,808 posts)
6. No idea. That's what's concerning as hell.
Thu Aug 3, 2017, 02:18 PM
Aug 2017

There's a good chance he did nothing at all, or did something as a contract hacker (a penetration test) on the authority of his employer/contractor for the benefit of his employer/contractor. Or... ??

I wish I had an answer to any of your questions, but we don't. And that's terrifying.

Response to WinstonSmith4740 (Reply #5)

Renew Deal

(81,895 posts)
8. He didn't do anything wrong as far as I know
Thu Aug 3, 2017, 02:31 PM
Aug 2017

Last edited Thu Aug 3, 2017, 03:25 PM - Edit history (1)

He reverse engineered the virus and registered the domain name he found in it. A domain name is basically what democraticunderground.com is. He did nothing wrong as far as I know.

Igel

(35,383 posts)
11. That's more than you can say: "He didn't do anything."
Thu Aug 3, 2017, 02:52 PM
Aug 2017

As far as I know, he did nothing wrong. But the only thing I know he did was foil the WannaCry attack. Surely he had a life before that and after.

Funny thing about the legal system--if you do bad things and then a good thing all is not forgiven. Don't know that he did anything bad. Being picked up by the FBI tends to make me think he did, or it looks like he did.

ancianita

(36,207 posts)
20. Quick look back: LA Times article reports that KL's owner passed off malware to Hutchins. Today it
Thu Aug 3, 2017, 04:31 PM
Aug 2017

seems a little unfair, but my guess is that there's way more to the global surveillance operations than we're being told, and that Hutchins might help the FBI get into all the server connections that the Kremlin operates.

http://www.latimes.com/business/la-fi-tn-kryptos-logic-wannacry-20170629-story.html

Just speculating that the indictment might be used as cover for gathering intel.

hack89

(39,171 posts)
16. No - he was involved in the Kronos banking Trojan several years ago.
Thu Aug 3, 2017, 03:22 PM
Aug 2017

The US Department of Justice said he had been arrested for his alleged involvement in a separate matter.

"Marcus Hutchins... a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan," it said.

"The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015."


http://www.bbc.com/news/uk-england-40820837

riversedge

(70,417 posts)
2. The UK is aware of this.....
Thu Aug 3, 2017, 01:55 PM
Aug 2017





.....Shortly before his arrest, Hutchins was in Las Vegas during Black Hat and Def Con, two annual hacking conferences.

"We are aware a UK national has been arrested but it's a matter for the authorities in the US," a spokesperson for the UK's National Crime Agency told Motherboard in an email.

A spokesperson from the UK's National Cyber Security Centre told Motherboard in an email, "We are aware of the situation. This is a law enforcement matter and it would be inappropriate to comment further."

hack89

(39,171 posts)
14. He is wanted for a separate (criminal) matter
Thu Aug 3, 2017, 03:20 PM
Aug 2017

The US Department of Justice said he had been arrested for his alleged involvement in a separate matter.

"Marcus Hutchins... a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan," it said.

"The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015."


http://www.bbc.com/news/uk-england-40820837
 

woundedkarma

(498 posts)
18. on twitter...
Thu Aug 3, 2017, 03:27 PM
Aug 2017

I follow some infosec people on twitter. And they are all talking about this right now. The FBI is claiming he created malware around 2014 called "kronos" but at the same time he sent a message to another infosec person asking for a copy of kronos. (they're all malware researchers, that's how he stopped wannacry and that's why he messes with this stuff) Why would he do that if he created it?

Nobody is quite sure if he did it or not. It's clear that he saved a lot of lives when he stopped wannacry.
